@devtion/devcli 0.0.0-b499eaf → 0.0.0-c1f4cbe

package/dist/.env

@@ -23,6 +23,13 @@ FIREBASE_CF_URL_VERIFY_CONTRIBUTION=https://verifycontribution-mq4aqokliq-ew.a.r
 
 # The unique identifier for the Github client associated to the OAuth Application.
 AUTH_GITHUB_CLIENT_ID=e9f8a5fabdfe0d95618c
+### BANDADA AUTHENTICATION ###
+# The Bandada API URL to be used for authentication.
+BANDADA_API_URL=https://api.bandada.pse.dev/
+# The Bandada group id that will be used for the credentials criteria (e.g. GH followers)
+BANDADA_GROUP_ID=40887196405294111455930028907236
+# The Bandada dashboard URL to administrate the groups
+BANDADA_DASHBOARD_URL=https://bandada.pse.dev/
 
 ### AWS S3 STORAGE ###
 ### These configs are related to the configuration of the interaction with the
@@ -38,4 +45,11 @@ CONFIG_CEREMONY_BUCKET_POSTFIX=-p0tion-development-environment
 # The amount of time in seconds which indicates the duration about the validity of a pre-signed URL.
 # default: 7200 seconds = 2 hours.
 CONFIG_PRESIGNED_URL_EXPIRATION_IN_SECONDS=7200
+
+
+# Sign In With Ethereum
+# Auth0 client id
+AUTH_SIWE_CLIENT_ID=tRuFnJNoPTJtKr1RynYfty6uJ16QzHXA
+# The Auth0 application url that support SIWE + Device Flow Authentication
+AUTH0_APPLICATION_URL=https://dev-l0tyk1agsmopw1xa.us.auth0.com
 

package/dist/index.js

@@ -10,19 +10,19 @@
 */
 import { createCommand } from 'commander';
 import fs, { readFileSync, createWriteStream, existsSync, renameSync } from 'fs';
-import { dirname } from 'path';
+import path, { dirname } from 'path';
 import { fileURLToPath } from 'url';
-import { zKey } from 'snarkjs';
+import { zKey, groth16 } from 'snarkjs';
 import boxen from 'boxen';
 import { pipeline } from 'node:stream';
 import { promisify } from 'node:util';
 import fetch$1 from 'node-fetch';
-import { commonTerms, formatZkeyIndex, getZkeyStorageFilePath, finalContributionIndex, createCustomLoggerForFile, getBucketName, progressToNextContributionStep, permanentlyStoreCurrentContributionTimeAndHash, convertToDoubleDigits, multiPartUpload, verifyContribution, generateGetObjectPreSignedUrl, convertBytesOrKbToGb, numExpIterations, getDocumentById, getParticipantsCollectionPath, fromQueryToFirebaseDocumentInfo, getAllCollectionDocs, extractPrefix, autoGenerateEntropy, vmConfigurationTypes, initializeFirebaseCoreServices, signInToFirebaseWithCredentials, getCurrentFirebaseAuthUser, isCoordinator, parseCeremonyFile, blake512FromPath, checkIfObjectExist, setupCeremony, genesisZkeyIndex, getR1csStorageFilePath, getWasmStorageFilePath, getPotStorageFilePath, extractPoTFromFilename, potFileDownloadMainUrl, createS3Bucket, potFilenameTemplate, getR1CSInfo, getOpenedCeremonies, getCeremonyCircuits, checkParticipantForCeremony, getCurrentActiveParticipantTimeout, getCircuitBySequencePosition, getCircuitContributionsFromContributor, progressToNextCircuitForContribution, resumeContributionAfterTimeoutExpiration, generateValidContributionsAttestation, getContributionsValidityForContributor, getClosedCeremonies, checkAndPrepareCoordinatorForFinalization, computeSHA256ToHex, finalizeCeremony, getVerificationKeyStorageFilePath, verificationKeyAcronym, getVerifierContractStorageFilePath, verifierSmartContractAcronym, finalizeCircuit, exportVkey, exportVerifierContract } from '@devtion/actions';
+import { commonTerms, formatZkeyIndex, getZkeyStorageFilePath, finalContributionIndex, createCustomLoggerForFile, getBucketName, progressToNextContributionStep, permanentlyStoreCurrentContributionTimeAndHash, convertToDoubleDigits, multiPartUpload, verifyContribution, generateGetObjectPreSignedUrl, convertBytesOrKbToGb, numExpIterations, getDocumentById, getParticipantsCollectionPath, fromQueryToFirebaseDocumentInfo, getAllCollectionDocs, extractPrefix, autoGenerateEntropy, vmConfigurationTypes, initializeFirebaseCoreServices, signInToFirebaseWithCredentials, getCurrentFirebaseAuthUser, isCoordinator, parseCeremonyFile, blake512FromPath, checkIfObjectExist, setupCeremony, genesisZkeyIndex, getR1csStorageFilePath, getWasmStorageFilePath, getPotStorageFilePath, extractPoTFromFilename, potFileDownloadMainUrl, createS3Bucket, potFilenameTemplate, getR1CSInfo, getOpenedCeremonies, getCeremonyCircuits, checkParticipantForCeremony, getCurrentActiveParticipantTimeout, getCircuitBySequencePosition, getCircuitContributionsFromContributor, progressToNextCircuitForContribution, resumeContributionAfterTimeoutExpiration, generateValidContributionsAttestation, getContributionsValidityForContributor, getClosedCeremonies, checkAndPrepareCoordinatorForFinalization, computeSHA256ToHex, finalizeCeremony, getVerificationKeyStorageFilePath, verificationKeyAcronym, getVerifierContractStorageFilePath, verifierSmartContractAcronym, finalizeCircuit, exportVkey, exportVerifierContract, getAllCeremonies } from '@devtion/actions';
 import fetch from '@adobe/node-fetch-retry';
 import { request } from '@octokit/request';
 import { SingleBar, Presets } from 'cli-progress';
 import dotenv from 'dotenv';
-import { GithubAuthProvider, getAuth, signOut } from 'firebase/auth';
+import { GithubAuthProvider, signInWithCustomToken, getAuth, signOut } from 'firebase/auth';
 import { getDiskInfoSync } from 'node-disk-info';
 import ora from 'ora';
 import { Timer } from 'timer-node';
@@ -36,7 +36,10 @@ import figlet from 'figlet';
 import { createOAuthDeviceAuth } from '@octokit/auth-oauth-device';
 import clipboard from 'clipboardy';
 import open from 'open';
-import { Timestamp, onSnapshot } from 'firebase/firestore';
+import { Identity } from '@semaphore-protocol/identity';
+import { httpsCallable } from 'firebase/functions';
+import { ApiSdk } from '@bandada/api-sdk';
+import { Timestamp, onSnapshot, doc, collection, getDocs } from 'firebase/firestore';
 import readline from 'readline';
 
 /**
@@ -97,7 +100,7 @@ const CORE_SERVICES_ERRORS = {
     FIREBASE_TOKEN_EXPIRED_REMOVED_PERMISSIONS: `The Github authorization has failed due to lack of association between your account and the CLI`,
     FIREBASE_USER_DISABLED: `The Github account has been suspended by the ceremony coordinator(s), blocking the possibility of contribution. Please, contact them to understand the motivation behind it.`,
     FIREBASE_FAILED_CREDENTIALS_VERIFICATION: `Firebase cannot verify your Github credentials due to network errors. Please, try once again later.`,
-    FIREBASE_NETWORK_ERROR: `Unable to reach Firebase due to network erros. Please, try once again later and make sure your Internet connection is stable.`,
+    FIREBASE_NETWORK_ERROR: `Unable to reach Firebase due to network errors. Please, try once again later and make sure your Internet connection is stable.`,
     FIREBASE_CEREMONY_NOT_OPENED: `There are no ceremonies opened to contributions`,
     FIREBASE_CEREMONY_NOT_CLOSED: `There are no ceremonies ready to finalization`,
     AWS_CEREMONY_BUCKET_CREATION: `Unable to create a new bucket for the ceremony. Something went wrong during the creation. Please, repeat the process by providing a new ceremony name of the ceremony.`,
@@ -235,6 +238,14 @@ const checkAndMakeNewDirectoryIfNonexistent = (directoryLocalPath) => {
 const writeLocalJsonFile = (filePath, data) => {
     fs.writeFileSync(filePath, JSON.stringify(data), "utf-8");
 };
+/**
+ * Return the local current project directory name.
+ * @returns <string> - the local project (e.g., dist/) directory name.
+ */
+const getLocalDirname = () => {
+    const filename = fileURLToPath(import.meta.url);
+    return path.dirname(filename);
+};
 
 // Get npm package name.
 const packagePath$4 = `${dirname(fileURLToPath(import.meta.url))}/..`;
@@ -250,6 +261,14 @@ const config = new Conf({
         accessToken: {
             type: "string",
             default: ""
+        },
+        bandadaIdentity: {
+            type: "string",
+            default: ""
+        },
+        authMethod: {
+            type: "string",
+            default: ""
         }
     }
 });
@@ -310,6 +329,39 @@ const setLocalAccessToken = (token) => config.set("accessToken", token);
  * Delete the stored access token.
  */
 const deleteLocalAccessToken = () => config.delete("accessToken");
+/**
+ * Return the Bandada identity, if present.
+ * @returns <string | undefined> - the Bandada identity if present, otherwise undefined.
+ */
+const getLocalBandadaIdentity = () => config.get("bandadaIdentity");
+/**
+ * Check if the Bandada identity exists in the local storage.
+ * @returns <boolean>
+ */
+const checkLocalBandadaIdentity = () => config.has("bandadaIdentity") && !!config.get("bandadaIdentity");
+/**
+ * Set the Bandada identity.
+ * @param identity <string> - the Bandada identity to be stored.
+ */
+const setLocalBandadaIdentity = (identity) => config.set("bandadaIdentity", identity);
+/**
+ * Delete the stored Bandada identity.
+ */
+const deleteLocalBandadaIdentity = () => config.delete("bandadaIdentity");
+/**
+ * Return the authentication method, if present.
+ * @returns <string | undefined> - the authentication method if present, otherwise undefined.
+ */
+const getLocalAuthMethod = () => config.get("authMethod");
+/**
+ * Set the authentication method.
+ * @param method <string> - the authentication method to be stored.
+ */
+const setLocalAuthMethod = (method) => config.set("authMethod", method);
+/**
+ * Delete the stored authentication method.
+ */
+const deleteLocalAuthMethod = () => config.delete("authMethod");
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.
@@ -420,7 +472,7 @@ const getGithubAuthenticatedUserGists = async (githubToken, params) => {
         headers: {
             authorization: `token ${githubToken}`
         },
-        per_page: params.perPage,
+        per_page: params.perPage, // max items per page = 100.
         page: params.page
     });
     if (response && response.status === 200)
@@ -468,8 +520,9 @@ const getPublicAttestationGist = async (githubToken, publicAttestationFilename)
  * @returns <string> - the third-party provider handle of the user.
  */
 const getUserHandleFromProviderUserId = (providerUserId) => {
-    if (providerUserId.indexOf("-") === -1)
-        showError(THIRD_PARTY_SERVICES_ERRORS.GITHUB_GET_GITHUB_ACCOUNT_INFO, true);
+    if (providerUserId.indexOf("-") === -1) {
+        return providerUserId;
+    }
     return providerUserId.split("-")[0];
 };
 /**
@@ -1560,16 +1613,37 @@ const checkAuth = async (firebaseApp) => {
         showError(THIRD_PARTY_SERVICES_ERRORS.GITHUB_NOT_AUTHENTICATED, true);
     // Retrieve local access token.
     const token = String(getLocalAccessToken());
-    // Get credentials.
-    const credentials = exchangeGithubTokenForCredentials(token);
-    // Sign in to Firebase using credentials.
-    await signInToFirebase(firebaseApp, credentials);
+    let providerUserId;
+    let username;
+    const authMethod = getLocalAuthMethod();
+    switch (authMethod) {
+        case "github": {
+            // Get credentials.
+            const credentials = exchangeGithubTokenForCredentials(token);
+            // Sign in to Firebase using credentials.
+            await signInToFirebase(firebaseApp, credentials);
+            // Get Github unique identifier (handle-id).
+            providerUserId = await getGithubProviderUserId(String(token));
+            username = getUserHandleFromProviderUserId(providerUserId);
+            break;
+        }
+        case "bandada": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token);
+            providerUserId = userCredentials.user.uid;
+            username = providerUserId;
+            break;
+        }
+        case "siwe": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token);
+            providerUserId = userCredentials.user.uid;
+            username = providerUserId;
+            break;
+        }
+    }
     // Get current authenticated user.
     const user = getCurrentFirebaseAuthUser(firebaseApp);
-    // Get Github unique identifier (handle-id).
-    const providerUserId = await getGithubProviderUserId(String(token));
     // Greet the user.
-    console.log(`Greetings, @${theme.text.bold(getUserHandleFromProviderUserId(providerUserId))} ${theme.emojis.wave}\n`);
+    console.log(`Greetings, @${theme.text.bold(username)} ${theme.emojis.wave}\n`);
     return {
         user,
         token,
@@ -2205,6 +2279,7 @@ const auth = async () => {
         // Generate a new access token using Github Device Flow (OAuth 2.0).
         const newToken = await executeGithubDeviceFlow(String(process.env.AUTH_GITHUB_CLIENT_ID));
         // Store the new access token.
+        setLocalAuthMethod("github");
         setLocalAccessToken(newToken);
     }
     else
@@ -2225,6 +2300,244 @@ const auth = async () => {
     terminate(providerUserId);
 };
 
+const { BANDADA_API_URL } = process.env;
+const bandadaApi = new ApiSdk(BANDADA_API_URL);
+const addMemberToGroup = async (groupId, dashboardUrl, identity) => {
+    const commitment = identity.commitment.toString();
+    const group = await bandadaApi.getGroup(groupId);
+    const providerName = group.credentials.id.split("_")[0].toLowerCase();
+    // 6. open a new window with the url:
+    const url = `${dashboardUrl}credentials?group=${groupId}&member=${commitment}&provider=${providerName}`;
+    console.log(`${theme.text.bold(`Verification URL:`)} ${theme.text.underlined(url)}`);
+    open(url);
+    const { confirmation } = await askForConfirmation("Did you join the Bandada group in the browser?");
+    if (!confirmation)
+        showError("You must join the Bandada group to continue the login process", true);
+};
+const isGroupMember = async (groupId, identity) => {
+    const commitment = identity.commitment.toString();
+    const isMember = await bandadaApi.isGroupMember(groupId, commitment);
+    return isMember;
+};
+
+const { BANDADA_DASHBOARD_URL, BANDADA_GROUP_ID } = process.env;
+const authBandada = async () => {
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices();
+        const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`);
+        spinner.start();
+        // 1. check if _identity string exists in local storage
+        let identityString;
+        const isIdentityStringStored = checkLocalBandadaIdentity();
+        if (isIdentityStringStored) {
+            identityString = getLocalBandadaIdentity();
+            spinner.succeed(`Identity seed found\n`);
+        }
+        else {
+            spinner.warn(`Identity seed not found\n`);
+            // 2. generate a random _identity string and save it in local storage
+            const { seed } = await prompts({
+                type: "text",
+                name: "seed",
+                message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
+                initial: false
+            });
+            identityString = seed;
+            setLocalBandadaIdentity(identityString);
+        }
+        // 3. create a semaphore identity with _identity string as a seed
+        const identity = new Identity(identityString);
+        // 4. check if the user is a member of the group
+        console.log(`Checking Bandada membership...`);
+        const isMember = await isGroupMember(BANDADA_GROUP_ID, identity);
+        if (!isMember) {
+            await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity);
+        }
+        // 5. generate a proof that the user owns the commitment.
+        spinner.text = `Generating proof of identity...`;
+        spinner.start();
+        // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
+        const initDirectoryName = getLocalDirname();
+        const directoryName = initDirectoryName.includes("/src") ? "." : initDirectoryName;
+        const { proof, publicSignals } = await groth16.fullProve({
+            identityTrapdoor: identity.trapdoor,
+            identityNullifier: identity.nullifier,
+            externalNullifier: BANDADA_GROUP_ID
+        }, `${directoryName}/public/mini-semaphore.wasm`, `${directoryName}/public/mini-semaphore.zkey`);
+        spinner.succeed(`Proof generated.\n`);
+        spinner.text = `Sending proof to verification...`;
+        spinner.start();
+        // 6. send proof to a cloud function that verifies it and checks membership
+        const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof);
+        const result = await cf({
+            proof,
+            publicSignals
+        });
+        const { valid, token, message } = result.data;
+        if (!valid) {
+            showError(message, true);
+            deleteLocalAuthMethod();
+            deleteLocalAccessToken();
+            deleteLocalBandadaIdentity();
+        }
+        spinner.succeed(`Proof verified.\n`);
+        spinner.text = `Authenticating...`;
+        spinner.start();
+        // 7. Auth to p0tion firebase
+        const credentials = await signInWithCustomToken(getAuth(), token);
+        setLocalAuthMethod("bandada");
+        setLocalAccessToken(token);
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`);
+        console.log(`\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(`phase2cli logout`)} command`);
+    }
+    catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.");
+        console.error(error);
+        deleteLocalAuthMethod();
+        deleteLocalAccessToken();
+        deleteLocalBandadaIdentity();
+    }
+    process.exit(0);
+};
+
+const showVerificationCodeAndUri = async (OAuthDeviceCode) => {
+    // Copy code to clipboard.
+    let noClipboard = false;
+    try {
+        clipboard.writeSync(OAuthDeviceCode.user_code);
+        clipboard.readSync();
+    }
+    catch (error) {
+        noClipboard = true;
+    }
+    // Display data.
+    console.log(`${theme.symbols.warning} Visit ${theme.text.bold(theme.text.underlined(OAuthDeviceCode.verification_uri))} on this device to generate a new token and authenticate\n`);
+    console.log(theme.colors.magenta(figlet.textSync("Code is Below", { font: "ANSI Shadow" })), "\n");
+    const message = !noClipboard ? `has been copied to your clipboard (${theme.emojis.clipboard})` : ``;
+    console.log(`${theme.symbols.info} Your auth code: ${theme.text.bold(OAuthDeviceCode.user_code)} ${message} ${theme.symbols.success}\n`);
+    const spinner = customSpinner(`Redirecting to Github...`, `clock`);
+    spinner.start();
+    await sleep(10000); // ~10s to make users able to read the CLI.
+    try {
+        // Automatically open the page (# Step 2).
+        await open(OAuthDeviceCode.verification_uri);
+    }
+    catch (error) {
+        console.log(`${theme.symbols.info} Please authenticate via GitHub at ${OAuthDeviceCode.verification_uri}`);
+    }
+    spinner.stop();
+};
+/**
+ * Return the token to sign in to Firebase after passing the SIWE Device Flow
+ * @param clientId <string> - The client id of the Auth0 application.
+ * @param firebaseFunctions <any> - The Firebase functions instance to call the cloud function
+ * @returns <string> - The token to sign in to Firebase
+ */
+const executeSIWEDeviceFlow = async (clientId, firebaseFunctions) => {
+    // Call Auth0 endpoint to request device code uri
+    const OAuthDeviceCode = (await fetch$1(`${process.env.AUTH0_APPLICATION_URL}/oauth/device/code`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({
+            client_id: clientId,
+            scope: "openid",
+            audience: `${process.env.AUTH0_APPLICATION_URL}/api/v2/`
+        })
+    }).then((_res) => _res.json()));
+    await showVerificationCodeAndUri(OAuthDeviceCode);
+    // Poll Auth0 endpoint until you get token or request expires
+    let isSignedIn = false;
+    let isExpired = false;
+    let auth0Token = "";
+    while (!isSignedIn && !isExpired) {
+        // Call Auth0 endpoint to request token
+        const OAuthToken = (await fetch$1(`${process.env.AUTH0_APPLICATION_URL}/oauth/token`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({
+                client_id: clientId,
+                device_code: OAuthDeviceCode.device_code,
+                grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+            })
+        }).then((_res) => _res.json()));
+        if (OAuthToken.error) {
+            if (OAuthToken.error === "authorization_pending") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000);
+            }
+            else if (OAuthToken.error === "slow_down") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000 * 2);
+            }
+            else if (OAuthToken.error === "expired_token") {
+                // The user didn't sign in on time
+                isExpired = true;
+            }
+        }
+        else {
+            // The user signed in
+            isSignedIn = true;
+            auth0Token = OAuthToken.access_token;
+        }
+    }
+    // Send token to cloud function to check nonce, create user and retrieve token
+    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.checkNonceOfSIWEAddress);
+    const result = await cf({
+        auth0Token
+    });
+    const { token, valid, message } = result.data;
+    if (!valid) {
+        showError(message, true);
+        deleteLocalAuthMethod();
+        deleteLocalAccessToken();
+    }
+    return token;
+};
+/**
+ * Auth command using Sign In With Ethereum
+ * @notice The auth command allows a user to make the association of their Ethereum account with the CLI by leveraging SIWE as an authentication mechanism.
+ * @dev Under the hood, the command handles a manual Device Flow following the guidelines in the SIWE documentation.
+ */
+const authSIWE = async () => {
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices();
+        // Console more context for the user.
+        console.log(`${theme.symbols.info} ${theme.text.bold(`You are about to authenticate on this CLI using your Ethereum address (device flow - OAuth 2.0 mechanism).\n${theme.symbols.warning} Please, note that only a Sign-in With Ethereum signature will be required`)}\n`);
+        const spinner = customSpinner(`Checking authentication token...`, `clock`);
+        spinner.start();
+        await sleep(5000);
+        // Manage OAuth Github or SIWE token.
+        const isLocalTokenStored = checkLocalAccessToken();
+        if (!isLocalTokenStored) {
+            spinner.fail(`No local authentication token found\n`);
+            // Generate a new access token using Github Device Flow (OAuth 2.0).
+            const newToken = await executeSIWEDeviceFlow(String(process.env.AUTH_SIWE_CLIENT_ID), firebaseFunctions);
+            // Store the new access token.
+            setLocalAuthMethod("siwe");
+            setLocalAccessToken(newToken);
+        }
+        else
+            spinner.succeed(`Local authentication token found\n`);
+        // Get access token from local store.
+        const token = String(getLocalAccessToken());
+        spinner.text = `Authenticating...`;
+        spinner.start();
+        // Exchange token for credential.
+        const credentials = await signInWithCustomToken(getAuth(), token);
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`);
+        console.log(`\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(`phase2cli logout`)} command`);
+        process.exit(0);
+    }
+    catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.");
+        console.error(error);
+        deleteLocalAuthMethod();
+        deleteLocalAccessToken();
+    }
+};
+
 /**
  * Return the verification result for latest contribution.
  * @param firestoreDatabase <Firestore> - the Firestore service instance associated to the current Firebase application.
@@ -2347,8 +2660,8 @@ const handleDiskSpaceRequirementForNextContribution = async (cloudFunctions, cer
         spinner.fail(`You may not have enough memory to calculate the contribution for the Circuit ${theme.colors.magenta(`${circuitSequencePosition}`)}.\n\n${theme.symbols.info} The required amount of disk space is ${contributionDiskSpaceRequirement < 0.01
             ? theme.text.bold(`< 0.01`)
             : theme.text.bold(contributionDiskSpaceRequirement)} GB but you only have ${participantFreeDiskSpace > 0 ? theme.text.bold(participantFreeDiskSpace.toFixed(2)) : theme.text.bold(0)} GB available memory \nThe estimate ${theme.text.bold("may not be 100% correct")} since is based on the aggregate free memory on your disks but some may not be detected!\n`);
-        const { confirmation } = await askForConfirmation(`Please, we kindly ask you to continue with the contribution if you have noticed the estimate is wrong and you have enough memory in your machine`, "Continue", "Exit");
-        wannaContributeOrHaveEnoughMemory = !!confirmation;
+        const { confirmationEnoughMemory } = await askForConfirmation(`Please, we kindly ask you to continue with the contribution if you have noticed the estimate is wrong and you have enough memory in your machine`, "Continue", "Exit");
+        wannaContributeOrHaveEnoughMemory = !!confirmationEnoughMemory;
         if (circuitSequencePosition > 1) {
             console.log(`${theme.symbols.info} Please note, you have time until ceremony ends to free up your memory and complete remaining contributions`);
             // Asks the contributor if their wants to terminate contributions for the ceremony.
@@ -2416,8 +2729,12 @@ const handlePublicAttestation = async (firestoreDatabase, circuits, ceremonyId,
     // Write public attestation locally.
     writeFile(getAttestationLocalFilePath(`${ceremonyPrefix}_${commonTerms.foldersAndPathsTerms.attestation}.log`), Buffer.from(publicAttestation));
     await sleep(1000); // workaround for file descriptor unexpected close.
-    const gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix);
-    console.log(`\n${theme.symbols.info} Your public attestation has been successfully posted as Github Gist (${theme.text.bold(theme.text.underlined(gistUrl))})`);
+    let gistUrl = "";
+    const isGithub = getLocalAuthMethod() === "github";
+    if (isGithub) {
+        gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix);
+        console.log(`\n${theme.symbols.info} Your public attestation has been successfully posted as Github Gist (${theme.text.bold(theme.text.underlined(gistUrl))})`);
+    }
     // Prepare a ready-to-share tweet.
     await handleTweetGeneration(ceremonyName, gistUrl);
 };
@@ -2731,7 +3048,7 @@ const contribute = async (opt) => {
     const userDoc = await getDocumentById(firestoreDatabase, commonTerms.collections.users.name, user.uid);
     const userData = userDoc.data();
     if (!userData) {
-        spinner.fail(`Unfortunately we could not find a user document with your information. This likely means that you did not pass the GitHub reputation checks and therefore are not elegible to contribute to any ceremony. If you believe you pass the requirements, it might be possible that your profile is private and we were not able to fetch your real statistics, in this case please consider making your profile public for the duration of the contribution. Please contact the coordinator if you believe this to be an error.`);
+        spinner.fail(`Unfortunately we could not find a user document with your information. This likely means that you did not pass the GitHub reputation checks and therefore are not eligible to contribute to any ceremony. If you believe you pass the requirements, it might be possible that your profile is private and we were not able to fetch your real statistics, in this case please consider making your profile public for the duration of the contribution. Please contact the coordinator if you believe this to be an error.`);
         process.exit(0);
     }
     // Check the user's current participant readiness for contribution status (eligible, already contributed, timed out).
@@ -2931,7 +3248,7 @@ const handleVerificationKey = async (cloudFunctions, bucketName, finalZkeyLocalF
     spinner.text = "Writing verification key...";
     // Write the verification key locally.
     writeLocalJsonFile(verificationKeyLocalFilePath, vKey);
-    await sleep(3000); // workaound for file descriptor.
+    await sleep(3000); // workaround for file descriptor.
     // Upload verification key to storage.
     await multiPartUpload(cloudFunctions, bucketName, verificationKeyStorageFilePath, verificationKeyLocalFilePath, Number(process.env.CONFIG_STREAM_CHUNK_SIZE_IN_MB));
     spinner.succeed(`Verification key correctly saved on storage`);
@@ -2957,7 +3274,7 @@ const handleVerifierSmartContract = async (cloudFunctions, bucketName, finalZkey
     spinner.text = `Writing verifier smart contract...`;
     // Write the verification key locally.
     writeFile(verifierContractLocalFilePath, verifierCode);
-    await sleep(3000); // workaound for file descriptor.
+    await sleep(3000); // workaround for file descriptor.
     // Upload verifier smart contract to storage.
     await multiPartUpload(cloudFunctions, bucketName, verifierContractStorageFilePath, verifierContractLocalFilePath, Number(process.env.CONFIG_STREAM_CHUNK_SIZE_IN_MB));
     spinner.succeed(`Verifier smart contract correctly saved on storage`);
@@ -2983,7 +3300,7 @@ const handleVerifierSmartContract = async (cloudFunctions, bucketName, finalZkey
 const handleCircuitFinalization = async (cloudFunctions, firestoreDatabase, ceremony, circuit, participant, beacon, coordinatorIdentifier, circuitsLength) => {
     // Step (1).
     await handleStartOrResumeContribution(cloudFunctions, firestoreDatabase, ceremony, circuit, participant, computeSHA256ToHex(beacon), coordinatorIdentifier, true, circuitsLength);
-    await sleep(2000); // workaound for descriptors.
+    await sleep(2000); // workaround for descriptors.
     // Extract data.
     const { prefix: circuitPrefix } = circuit.data;
     const { prefix: ceremonyPrefix } = ceremony.data;
@@ -3132,7 +3449,9 @@ const logout = async () => {
             const auth = getAuth();
             await signOut(auth);
             // Delete local token.
+            deleteLocalAuthMethod();
             deleteLocalAccessToken();
+            deleteLocalBandadaIdentity();
             await sleep(3000); // ~3s.
             spinner.stop();
             console.log(`${theme.symbols.success} Logout successfully completed`);
@@ -3194,6 +3513,37 @@ const listCeremonies = async () => {
     }
 };
 
+const listParticipants = async () => {
+    try {
+        const { firestoreDatabase } = await bootstrapCommandExecutionAndServices();
+        const allCeremonies = await getAllCeremonies(firestoreDatabase);
+        const selectedCeremony = await promptForCeremonySelection(allCeremonies, true);
+        const docRef = doc(firestoreDatabase, commonTerms.collections.ceremonies.name, selectedCeremony.id);
+        const participantsRef = collection(docRef, "participants");
+        const participantsSnapshot = await getDocs(participantsRef);
+        const participants = participantsSnapshot.docs.map((participantDoc) => participantDoc.data().userId);
+        console.log(participants);
+        /* const usersRef = collection(firestoreDatabase, "users")
+        const usersSnapshot = await getDocs(usersRef)
+        const users = usersSnapshot.docs.map((userDoc) => userDoc.data())
+        console.log(users) */
+    }
+    catch (err) {
+        showError(`Something went wrong: ${err.toString()}`, true);
+    }
+    process.exit(0);
+};
+
+const setCeremonyCommands = (program) => {
+    const ceremony = program.command("ceremony").description("manage ceremonies");
+    ceremony
+        .command("participants")
+        .description("retrieve participants list of a ceremony")
+        .requiredOption("-c, --ceremony <string>", "the prefix of the ceremony you want to retrieve information about", "")
+        .action(listParticipants);
+    return ceremony;
+};
+
 // Get pkg info (e.g., name, version).
 const packagePath = `${dirname(fileURLToPath(import.meta.url))}/..`;
 const { description, version, name } = JSON.parse(readFileSync(`${packagePath}/package.json`, "utf8"));
@@ -3202,6 +3552,14 @@ const program = createCommand();
 program.name(name).description(description).version(version);
 // User commands.
 program.command("auth").description("authenticate yourself using your Github account (OAuth 2.0)").action(auth);
+program
+    .command("auth-bandada")
+    .description("authenticate yourself in a privacy-perserving manner using Bandada")
+    .action(authBandada);
+program
+    .command("auth-siwe")
+    .description("authenticate yourself using your Ethereum account (Sign In With Ethereum - SIWE)")
+    .action(authSIWE);
 program
     .command("contribute")
     .description("compute contributions for a Phase2 Trusted Setup ceremony circuits")
@@ -3220,25 +3578,26 @@ program
     .action(logout);
 program
     .command("validate")
-    .description("Validate that a Ceremony Setup file is correct")
+    .description("validate that a Ceremony Setup file is correct")
     .requiredOption("-t, --template <path>", "The path to the ceremony setup template", "")
     .option("-c, --constraints <number>", "The number of constraints to check against")
     .action(validate);
 // Only coordinator commands.
-const ceremony = program.command("coordinate").description("commands for coordinating a ceremony");
-ceremony
+const coordinate = program.command("coordinate").description("commands for coordinating a ceremony");
+coordinate
     .command("setup")
     .description("setup a Groth16 Phase 2 Trusted Setup ceremony for zk-SNARK circuits")
     .option("-t, --template <path>", "The path to the ceremony setup template", "")
     .option("-a, --auth <string>", "The Github OAuth 2.0 token", "")
     .action(setup);
-ceremony
+coordinate
     .command("observe")
     .description("observe in real-time the waiting queue of each ceremony circuit")
     .action(observe);
-ceremony
+coordinate
     .command("finalize")
     .description("finalize a Phase2 Trusted Setup ceremony by applying a beacon, exporting verification key and verifier contract")
     .option("-a, --auth <string>", "the Github OAuth 2.0 token", "")
     .action(finalize);
+setCeremonyCommands(program);
 program.parseAsync(process.argv);

package/dist/types/commands/authBandada.d.ts

@@ -0,0 +1,2 @@
+declare const authBandada: () => Promise<never>;
+export default authBandada;

package/dist/types/commands/authSIWE.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Auth command using Sign In With Ethereum
+ * @notice The auth command allows a user to make the association of their Ethereum account with the CLI by leveraging SIWE as an authentication mechanism.
+ * @dev Under the hood, the command handles a manual Device Flow following the guidelines in the SIWE documentation.
+ */
+declare const authSIWE: () => Promise<void>;
+export default authSIWE;

package/dist/types/commands/ceremony/index.d.ts

@@ -0,0 +1,3 @@
+import { Command } from "commander";
+declare const setCeremonyCommands: (program: Command) => Command;
+export default setCeremonyCommands;

package/dist/types/commands/ceremony/listParticipants.d.ts

@@ -0,0 +1,2 @@
+declare const listParticipants: () => Promise<never>;
+export default listParticipants;

package/dist/types/commands/index.d.ts

@@ -1,5 +1,7 @@
 export { default as setup } from "./setup.js";
 export { default as auth } from "./auth.js";
+export { default as authBandada } from "./authBandada.js";
+export { default as authSIWE } from "./authSIWE.js";
 export { default as contribute } from "./contribute.js";
 export { default as observe } from "./observe.js";
 export { default as finalize } from "./finalize.js";

package/dist/types/lib/bandada.d.ts

@@ -0,0 +1,6 @@
+import { GroupResponse } from "@bandada/api-sdk";
+import { Identity } from "@semaphore-protocol/identity";
+export declare const getGroup: (groupId: string) => Promise<GroupResponse | null>;
+export declare const getMembersOfGroup: (groupId: string) => Promise<string[] | null>;
+export declare const addMemberToGroup: (groupId: string, dashboardUrl: string, identity: Identity) => Promise<void>;
+export declare const isGroupMember: (groupId: string, identity: Identity) => Promise<boolean>;